The change won't affect all systems however the company notes, as only new installations are affected in the beginning.
Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the Operating System, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal.
The list of exceptions to the new policy is long. Below is the most important information in regards to the new kernel mode drivers policy:
- PCs upgraded to Windows 10 Build 1607 from a previous version of Windows (for instance Windows 10 version 1511) are not affected by the change.
- PCs without Secure Boot functionality, or Secure Boot off, are not affected either.
- All drivers signed with cross-signing certificates that were issued prior to July 29, 2015 will continue to work.
- Boot drivers won't be blocked to prevent systems from failing to boot. They will be removed by the Program Compatibility Assistant however.
- The change affects only Windows 10 Version 1607. All previous versions of Windows are not affected.
Microsoft notes that the change is done to make Windows more secure for end-users.
We’re making these changes to help make Windows more secure. These changes limit the risk of an end-user system being compromised by malicious driver software.
While the company states that certain setups won't be affected by the change, it appears that at least some of these exceptions will only be temporary.
As mentioned previously, boot drivers won't be blocked outright according to Microsoft. The company states however that Windows will eventually block boot drivers.
Microsoft mentions further that it "starts with" new installations of Windows 10 which suggests that it plans to remove some or even all of the exceptions in the future.
Kernel mode drivers are used by various programs on Windows. The list includes various security and backup programs, or VPN applications to name a few.
Any kernel mode driver not signed by Microsoft won't run anymore on new installations of Windows provided that the exceptions listed above don't apply.
This in turn makes the program non-functioning that relies on the driver.
While Windows 10 users may be affected by the change, so are developers. Companies may have enough funds to get the required certificates to get their drivers signed by Microsoft, but the same may not be true for hobby programmers or one-man teams.
The move will limit malicious kernel mode drivers on the other hand as well.
Now You: What is your take on the change?